This is an automated email from the git hooks/post-receive script.

Git pushed a commit to branch master
in repository ffmpeg.

The following commit(s) were added to refs/heads/master by this push:
     new f9482e1d01 avcodec/nellymoserdec: Check block count to avoid integer 
overflow
f9482e1d01 is described below

commit f9482e1d01d7ae9395194f3c84b1d67dfb65c645
Author:     Marco Reimann <[email protected]>
AuthorDate: Tue Jun 23 04:14:59 2026 +0200
Commit:     michaelni <[email protected]>
CommitDate: Fri Jun 26 21:14:51 2026 +0000

    avcodec/nellymoserdec: Check block count to avoid integer overflow
    
    Fixes: out of array access
    Fixes: nelly.avi / gen_nelly_overflow.py
    Fixes: pgc86PfE7ZpA
    Fixes: 0eea21294354 (Add avcodec_decode_audio4().)
    Signed-off-by: Michael Niedermayer <[email protected]>
---
 libavcodec/nellymoserdec.c | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/libavcodec/nellymoserdec.c b/libavcodec/nellymoserdec.c
index 36477173ff..7037d6b0ba 100644
--- a/libavcodec/nellymoserdec.c
+++ b/libavcodec/nellymoserdec.c
@@ -156,8 +156,8 @@ static int decode_tag(AVCodecContext *avctx, AVFrame *frame,
 
     blocks     = buf_size / NELLY_BLOCK_LEN;
 
-    if (blocks <= 0) {
-        av_log(avctx, AV_LOG_ERROR, "Packet is too small\n");
+    if (blocks <= 0 || blocks > INT_MAX / NELLY_SAMPLES) {
+        av_log(avctx, AV_LOG_ERROR, "Packet is too small or too large\n");
         return AVERROR_INVALIDDATA;
     }
 

_______________________________________________
ffmpeg-cvslog mailing list -- [email protected]
To unsubscribe send an email to [email protected]

Reply via email to